On Friday, May 24, 2013 12:21:47 PM Phil Mayers wrote: > On 24/05/13 11:44, Pieter Hulshoff wrote: > > Hello all, > > > > Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in > > the > > documentation, the wiki or the mailinglist archives, but perhaps I'm > > looking in the wrong place? > > Typically this is down the TLS libraries; it's not usually the case that > the application needs to do anything.
It seems I have a lot to learn yet about what is and is not a part of FreeRADIUS. My apologies for pushing (slightly) OT subjects onto the mailinglist. > That said, EAP-TLS is typically TLS 1.0. AIUI, AEAD ciphers require TLS > 1.2 - see section 4 of RFC 5288. But again, FreeRADIUS doesn't involve > itself in this level of detail - that's an aspect of the TLS library > (OpenSSL) we use, and whatever the EAP-TLS client is using. I guess that if we want to use AEAD cyphers we'll need to find another TLS library or adapt/contribute to OpenSSL? > Note also that EAP-TLS (unlike other TLS-based EAP methods, such as PEAP > or TTLS) never actually sends any data over the TLS session; > essentially, it consists solely of the handshake. In TLS terms, EAP-TLS > never sends any TLS records of type=23 (application data). So, the > negotiated cipher is not used for very much. The EAP-TLS Finished (type=20) are secured/signed with this negotiated cipher though, correct? > Slightly OT, there seems to be some degree of uncertainty about GCM in > general, and whether it's a sensible cipher mode - for example, see > http://www.imperialviolet.org/2013/01/13/rwc03.html Interesting article nontheless. I guess I've been working as a hardware engineer for too long; I haven't been bothered by timing side-channel attacks too much. :) It's something to take into consideration though. Kind regards, Pieter Hulshoff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html